OK, I'll try to upgrade the hadoop jars to 2.7.2.

-----Original Message-----
From: Jacques Le Roux [mailto:jacques.le.r...@les7arts.com] 
Sent: April 28, 2016 19:53
To: dev@ofbiz.apache.org
Subject: Re: Solr libs duplication

Thanks Shingai!

And while at it, if it's possible, it would be good, for security reasons, to 
upgrade (or remember to upgrade) Hadoop libs, used in Solr component, to 
the 2.7.2 version.

This is due to https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1776 
which is quite recent.

I don't know (did not try) if it's possible to simply upgrade the libs or to 
wait for a new Solr version covering the issue. I checked the last 
available Solr version (6.0.0) does not.

For details see 
https://svn.apache.org/viewvc/ofbiz/trunk/tools/security/dependency-check/dependency-check-report.html?view=co&revision=HEAD

Thanks

Jacques


On 28/04/2016 at 06:06, Shi Jinghai wrote:
> Thanks Christian!
>
> I created an issue on the jars duplicated:
> https://issues.apache.org/jira/browse/OFBIZ-7026
>
> I'll remove the duplications step by step.
>
> Kind Regards,
>
> Shi Jinghai
>
> -----Original Message-----
> From: Christian Geisert [mailto:christian.geis...@isu-gmbh.de]
> Sent: April 27, 2016 18:02
> To: dev@ofbiz.apache.org
> Subject: Re: Solr libs duplication
>
> There are also duplicates with regards to framework (noticed that while
> integrating Apache Camel, but didn't have time to work on it yet)
>
> ./specialpurpose/solr/webapp/solr/WEB-INF/lib/concurrentlinkedhashmap-lru-1.2.jar
> ./framework/base/lib/clhm-release-1.0-lru.jar
>
> I think version 1.2 should be moved to framework.
>
> Christian
>
> On 27.04.2016 11:34, Shi Jinghai wrote:
>> Hi Jacques,
>>
>> Obviously it's my fault :-(
>>
>> The duplicated jars under webapp /solr/WEB-INF/lib/ can be removed as they 
>> are already common jars at container level. I'll remove the duplicated jars 
>> ASAP.
>>
>> Kind Regards,
>>
>> Shi Jinghai
>>
>> -----Original Message-----
>> From: Jacques Le Roux [mailto:jacques.le.r...@les7arts.com]
>> Sent: April 26, 2016 17:58
>> To: dev@ofbiz.apache.org; shi.jinghai
>> Subject: Solr libs duplication
>>
>> Hi Jinghai,
>>
>> Do you think it's possible to somehow avoid these duplications in Solr 
>> component?
>>
>> C:\projectASF-Mars\ofbiz\specialpurpose\solr\lib\runtime\joda-time-2.2.jar
>> C:\projectASF-Mars\ofbiz\specialpurpose\solr\webapp\solr\WEB-INF\lib\joda-time-2.2.jar
>> C:\projectASF-Mars\ofbiz\specialpurpose\solr\lib\runtime\lucene-codecs-5.3.1.jar
>> C:\projectASF-Mars\ofbiz\specialpurpose\solr\webapp\solr\WEB-INF\lib\lucene-codecs-5.3.1.jar
>> C:\projectASF-Mars\ofbiz\specialpurpose\solr\lib\runtime\lucene-highlighter-5.3.1.jar
>> C:\projectASF-Mars\ofbiz\specialpurpose\solr\webapp\solr\WEB-INF\lib\lucene-highlighter-5.3.1.jar
>> C:\projectASF-Mars\ofbiz\specialpurpose\solr\lib\runtime\lucene-join-5.3.1.jar
>> C:\projectASF-Mars\ofbiz\specialpurpose\solr\webapp\solr\WEB-INF\lib\lucene-join-5.3.1.jar
>> C:\projectASF-Mars\ofbiz\specialpurpose\solr\lib\runtime\lucene-queries-5.3.1.jar
>> C:\projectASF-Mars\ofbiz\specialpurpose\solr\webapp\solr\WEB-INF\lib\lucene-queries-5.3.1.jar
>> C:\projectASF-Mars\ofbiz\specialpurpose\solr\lib\runtime\lucene-spatial-5.3.1.jar
>> C:\projectASF-Mars\ofbiz\specialpurpose\solr\webapp\solr\WEB-INF\lib\lucene-spatial-5.3.1.jar
>> C:\projectASF-Mars\ofbiz\specialpurpose\solr\lib\runtime\lucene-suggest-5.3.1.jar
>> C:\projectASF-Mars\ofbiz\specialpurpose\solr\webapp\solr\WEB-INF\lib\lucene-suggest-5.3.1.jar
>>
>>
>> I think it must be hard (if even possible) because they're runtime 
>> dependencies, right?
>>
>> Thanks
>>
>> Jacques
>>
>>
>>
>
>
>

